T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360
Welcome to Cyber Security Today. This is the Week in Review edition for Friday August 13th. I’m Jim Love, CIO and Chief Content Officer at IT World Canada sitting in for Howard Solomon who is off today.
My guest today is Terry Cutler, head of Cyology Labs. Cutler will join me later in the show, but first I’d like to do a bit of a review of cybersecurity news this week.
This is our week in review…
Howard covered a story on Monday’s edition of the program where he reported that a security company called Ponderance is warning IT teams that the Conti ransomware gang or its affiliates are still exploiting the Microsoft Exchange vulnerabilities that were revealed earlier this year. This story stuck out for me… for one thing, I’m hearing a lot about vulnerabilities in Microsoft Exchange, in Print services and in internet server software — IIS
Howard covered an Exchange hack this week that occurred even though the companies had patched their exchange software. The problem was that the company’s Exchange software was already infected before the patch was applied. That’s a real heads up for all of us – even if we think we getting our patching done, are we doing the scanning that we should do in case attackers got in before we applied the patch.
In a related story,
Thirteen of the published patches target a vulnerability in remote code execution, while some other eight patches focus on information disclosure.
Some of the released patches fixed three zero-day bugs, including the Windows Print Spooler Remote Code Execution vulnerability CVE-2021-36936, which has been a major topic of discussion since its discovery in June.
More news recently on Microsoft Vulnerabilities over the past few weeks. It seems like the world is in attack mode on the Microsoft trinity
Exchange – that runs email services
IIS – the Internet Information Server – the webserver that’s embedded in so much of Microsoft’s cloud-based technology
and the humble print server —-…